This repository has been archived by the owner on May 16, 2023. It is now read-only.

Fix AWS Config Notification #22

Merged
merged 2 commits into from
Feb 9, 2021

@flochaz flochaz commented Feb 9, 2021

Context

The current compliancy issue notification system relies on AWS Config Events to react and notify users, but this can't work since the status is Not compliant from the beginning and AWS Config does not provide an event giving the results of re-evaluation.

This PR changes the mechanism to leverage the auto remediation system.

Tests

Unit

cd source/aws-bootstrap-kit
npm run test
...
 PASS  test/secure-root-user.test.ts (15.057 s)
---------------------------------------------------|---------|----------|---------|---------|---------------------
File                                               | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s   
---------------------------------------------------|---------|----------|---------|---------|---------------------
All files                                          |   96.14 |    78.57 |   97.56 |   96.12 |                     
 lib                                               |   97.73 |    75.41 |   95.83 |   97.73 |                     
  account-provider.ts                              |     100 |      100 |     100 |     100 |                     
  account.ts                                       |   96.15 |    83.33 |     100 |   96.15 | 185                 
  aws-config-recorder.ts                           |     100 |      100 |     100 |     100 |                     
  aws-organizations-stack.ts                       |   93.48 |    69.57 |      80 |   93.48 | 132,140,163         
  dns.ts                                           |    96.3 |       70 |     100 |    96.3 | 65                  
  index.ts                                         |     100 |      100 |     100 |     100 |                     
  organization-trail.ts                            |     100 |       50 |     100 |     100 | 145                 
  organization.ts                                  |     100 |      100 |     100 |     100 |                     
  organizational-unit.ts                           |     100 |      100 |     100 |     100 |                     
  secure-root-user.ts                              |     100 |      100 |     100 |     100 |                     
  validate-email-provider.ts                       |     100 |       75 |     100 |     100 | 78                  
  validate-email.ts                                |     100 |    83.33 |     100 |     100 | 47                  
 lib/account-handler                               |   94.74 |    88.46 |     100 |   94.44 |                     
  index.ts                                         |   94.74 |    88.46 |     100 |   94.44 | 57,62               
 lib/dns                                           |     100 |       50 |     100 |     100 |                     
  cross-account-dns-delegator.ts                   |     100 |      100 |     100 |     100 |                     
  cross-account-zone-delegation-record-provider.ts |     100 |       50 |     100 |     100 | 61                  
  cross-account-zone-delegation-record.ts          |     100 |       50 |     100 |     100 | 22-23               
 lib/dns/delegation-record-handler                 |   86.54 |    78.95 |     100 |   86.54 |                     
  index.ts                                         |   86.54 |    78.95 |     100 |   86.54 | 114,173-184,250-251 
 lib/validate-email-handler                        |     100 |    85.71 |     100 |     100 |                     
  index.ts                                         |     100 |    85.71 |     100 |     100 | 75-78               
---------------------------------------------------|---------|----------|---------|---------|---------------------

Test Suites: 8 passed, 8 total
Tests:       28 passed, 28 total
Snapshots:   0 total
Time:        27.109 s, estimated 41 s
Ran all test suites.

Integ tests

cd integTests/secureRootUserTest
...

SecureRootUserTestStack: creating CloudFormation changeset...
[██████████████████████████████████████████████████████████] (15/15)

 ✅  SecureRootUserTestStack

Result:
Screenshot 2021-02-09 at 14 39 00

Email sent on every failing re-evaluation.

@ijemmy ijemmy left a comment

Nice one. Didn't expect SSM Document for this.

I have a few questions.

source/aws-bootstrap-kit/API.md (resolved)
source/aws-bootstrap-kit/API.md (resolved)
source/aws-bootstrap-kit/lib/secure-root-user.ts (outdated, resolved)
source/aws-bootstrap-kit/lib/secure-root-user.ts (outdated, resolved)
source/aws-bootstrap-kit/lib/aws-config-recorder.ts (outdated, resolved)

@ijemmy ijemmy left a comment

lgtm

@flochaz flochaz merged commit 05a3212 into main Feb 9, 2021